
Chapter 7: Security Changes

LDAP user authentication

LDAP externalizes authentication. When you are using LDAP, authentication decisions are based on whether Adaptive Server can successfully bind to a specified LDAP server on behalf of the user. To bind to an LDAP server, Adaptive Server uses a distinguished name (DN) extracted from the specified LDAP URL.

Note: When LDAP is enabled, password management is delegated to the LDAP service providers.
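The bind DN comes from the configured LDAP URL, so it helps to see where the DN sits in that URL. The parser below is an added example, not Sybase code: it follows the generic RFC 4516 LDAP URL layout, the name `parse_ldap_url` is hypothetical, and the hosts and DNs used with it are constructed.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit, unquote

# Default ports per scheme; any other scheme is rejected.
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}
SCOPES = {"base", "one", "sub"}


@dataclass
class LdapUrl:
    scheme: str
    host: str
    port: int
    dn: str            # distinguished name used as the base for the bind
    attributes: list
    scope: str
    filter: str
    encrypted: bool    # False means a simple bind would cross the wire in clear text


def parse_ldap_url(url: str) -> LdapUrl:
    """Split scheme://host:port/dn?attributes?scope?filter (RFC 4516 layout)."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"not an LDAP URL: {url!r}")
    if not parts.hostname:
        raise ValueError("LDAP URL has no host")

    # The DN is the URL path without its leading '/', percent-decoded.
    dn = unquote(parts.path[1:])
    if not dn:
        # Policy choice for this example: a bind needs a DN, so refuse an empty one.
        raise ValueError("LDAP URL carries no distinguished name")

    # Everything after the first '?' is a '?'-separated list of optional fields.
    fields = parts.query.split("?") if parts.query else []
    fields += [""] * (3 - len(fields))
    attributes = [unquote(a) for a in fields[0].split(",") if a]
    scope = fields[1].lower() or "base"            # RFC 4516 default scope
    if scope not in SCOPES:
        raise ValueError(f"unknown search scope: {scope!r}")
    search_filter = unquote(fields[2]) or "(objectClass=*)"  # RFC 4516 default filter

    return LdapUrl(scheme, parts.hostname, parts.port or DEFAULT_PORTS[scheme],
                   dn, attributes, scope, search_filter, scheme == "ldaps")
```

Checking the `encrypted` field before trusting a URL is a quick way to spot a configuration where the user's password would be sent to the directory unprotected.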

As of Adaptive Server version 12.5.2, LDAP-authenticated users must already exist as valid logins in Adaptive Server. To create new Adaptive Server logins for LDAP-authenticated users automatically, issue:

sp_maplogin LDAP, NULL, "create login"

Alternatively, LDAP-authenticated users can be mapped to existing Adaptive Server users. For example:

sp_maplogin NULL, "externuser", "aseuser"

For more information, see “Mapping logins using sp_maplogin”.





Copyright © 2004. Sybase Inc. All rights reserved.